Microsoft Plans Shared Source .NET

On Wednesday, Microsoft announced plans to release what amounts to a shared-source version of its .NET infrastructure for Windows and FreeBSD.

Specifically, Microsoft says it has been working with the ECMA standards body and will release ECMA versions of the Common Language Infrastructure (CLI), a C# compiler, and an ECMAscript compiler. The CLI is similar to the Java virtual machine, in that it acts as a translator between the .NET infrastructure and other platforms. Program manager Dave Stutz says Redmond will work with Corel to develop the code.

The announcement comes against a backdrop of Microsoft's recent attack on some aspects of open source software development, particularly against the GNU General Public License (GPL). Microsoft considers the GPL impractical for business because of what it calls its viral nature, which forces developers to return any modifications to the community.

The day before the announcement, O'Reilly & Associates CEO Tim O'Reilly, Editor John Osborne, and O'Reilly Network's Rael Dornfest talked to Dave Stutz about Microsoft's first dip into the waters of public source.

Dave Stutz: One of the things we've talked about, and has been lost in the noise of the GPL issue is that there are a number of positive things about the open source movement, and we've tried to learn from those things. And we've actually been developing a family of licenses that are tools for preserving people's valuable property while enabling people to work together in business relationships ...

Certainly we are highly protective of the intellectual property that forms our crown jewel, which is Windows.... But one of the other licenses we've been working on will be associated with the code base we're talking about today. In this type of license, the goal is to put the body of the content and get as much uptake as possible, both in commercial implementations of the CLI and/or the C# language, and in terms of non-commercial derivative work.

Our intent is to have a license that is absolutely clear about people who want to look at the source code and then use what they've learned in their own source code. It will be permitted. The goal is to make that very clear, up front.

Additionally we want to make it possible for people who are doing non-commercial work, either personal hacking or research or teaching or courseware -- we want to make it very easy to use and easily available for those people ...

The licensing terms are designed so that people who want to do non-commercial ports to Linux [can do so]. That's well within the intended purpose of the license. We don't feel comfortable with Linux because of the GPL nature of the kernel ...

FreeBSD has traditionally been an operating system that encouraged unencumbered experimentation. ... And that's what we're using it for. We're using it to prove the point that you can actually implement the CLI on Unix. It's been around a long time, people use it commercially. Microsoft uses it commercially, actually. And the academic community is quite familiar with it as well.

John Osborne: So you're favoring FreeBSD over Linux because of the licensing?

Stutz: We have chosen FreeBSD because of licensing issues, yes.

Dave Stutz is speaking at the O'Reilly Open Source Convention
in San Diego, CA, July 23 - 27, 2001. Stutz will speak on a panel following Craig Mundie's talk on Microsoft's views on open source development and licensing. Dave will also speak at a session specifically on the ECMA shared source implementation. For more information, visit
our conference home page.

Microsoft's announcement is really a double announcement: They're releasing shared-source versions of their .NET framework to the curious eyes of the developer world, but they're also signalling that they're willing to work more closely with the open source community. Which part of this do you find more interesting?Post your comments

What about commercial ports? Since Microsoft intends to license the Common Language Infrastructure commercially itself, it wants to license any others who want to make a business out of it.

Stutz: The terms of the licenses will be that if you're distributing it, you're distributing it for non-commercial use.

However, if somebody wanted to do a commercial implementation of the CLI on Linux, they could certainly look at our shared source implementation and learn from it. But then, we would insist that they use their own code, in that case.

We are definitely in the business of selling a commercial implementation of the CLI, which is what we call the .NET framework. Because we're in the business of making money on that, that's sort of where these restrictions on the commercial port side of it come from.

If people thought they were interested in licensing the commercial version, or a commercial license of the shared source version. We're willing to talk. We usually are.

Appealing to academia and open source communities

Throughout the interview, Stutz stressed the importance of offering code and tailoring a license that would appeal to the academic community.

Tim: You've mentioned the academic community a couple of times. And I know from previous conversations with people at Microsoft that one of your biggest concerns about Java is its penetration in university computer science curricula. It seems in that area at least that you have Java envy. Is this designed to attack that problem?

Stutz: We are certainly interested in making this something the academic community would embrace warmly. I would certainly not describe it as Java envy. We believe there's a lot of interesting content in the CLI, lots of very interesting language infrastructure there. The C# language is a great language. It's a nice modern language that fixes a lot of the things that were wrong with VB and fixes a lot of the things that were wrong with Java, and other languages that use runtimes in that way. So we definitely are trying to appeal to the academic community on this.

Tim:
So when is it actually going to happen?

Stutz:
I think that in fourth quarter we'll have beta bits.
We're working with Corel.
We have started, we do have dev teams in place.
But it's not to the point where it's ready.
You wouldn't want to look at it right now.
It's limping along pretty badly.

Tim:
So one of the differences between open source and shared source is no release-early, release-often?

Stutz:
Well, actually that's good feedback. I think this is a pretty significant new development at Microsoft, this style of development. And I intend to learn from the community. And if you're giving me advice that we should think about releasing it earlier and in a more broken state, I'm willing to take that advice to heart and think about that and take that back to the team.

Tim: What are you doing to foster community?

Stutz: We're definitely going to try to foster multiple communities around this code base. ... In an independent announcement last week, Microsoft has started with a thing that's called the shared development process. We may try to be part of that kind of process. We will also certainly try to be part of the more traditional open source communities. This is going to be a learning adventure, for me.

Of course it won't be easy. Microsoft and the open source community have a history based on mutual suspicion.

Tim: There's a lot of skepticism about the subject of Microsoft and standards. Just for example, recent moves, such as changes to the SAMBA protocol are actually patented, so that people can't reverse engineer it without running into patent infringement. These are the kinds of things that make people say, are these really standards, or are they just standard when you can't get people by the short hairs?

Stutz: Tim, I would point you to the book you recommended to me, Cass Sunstein's book, Republic.com. He talks about this concept of deliberative discourse. And I think that's a great word to use for standards groups. Standards bodies don't exist just to stamp an existing implementation. They exist so that the members can actually work out consensus among themselves. And that is something we have been very good for the last n number of years. Certainly since the web services stuff has come up. We've really tried to create a basis based on standards coming from recognized standards organizations. I think that it's not fair to characterize us as someone who's not playing by the rules. We're definitely trying to be a good citizen when it comes to participating in these standards bodies, and now in granting our intellectual property into them.

Tim: I understand that, and in a lot of ways I agree. I guess what I'm trying to address is the feeling that whenever Microsoft says we'll play the standards game here, where's the other shoe? Where's the other piece that you think is going to be where the real value is?

Stutz: I don't think that's a fair characterization. We are in business to make money. We've never minced words about that. We believe in the commercial software model ... which says that we're in a purely intellectual property basis, which Microsoft is, and it's important to us to make money and have a sustainable business model around that.

Tim: But Cisco's in business to make money, as well. And there's a pretty clear dividing line between their standards work and their proprietary software.

Stutz: I think there's a very clear dividing line in our case as well.

Tim. Yeah, but when you take something like Kerberos and you say, let's extend it a little bit and --

Stutz: No, no, no. Let's look at that. Let's take the Kerberos case. We've been very clear about that. The Kerberos case is that, as part of the standards creation process it was recognized that all vendors would be interested in having an extensibility hook so that they could essentially incorporate their own native authentication into the Kerberos web of trust. And that's precisely what we did. We used that hook in a way that was intended. And we are willing to strike business deals with people who want to strike a business deal for that implementation detail. That is not a misuse of that standard. ...

Tim: It seems to be one of the sore points that people keep coming back to.

Stutz: There seems to be this belief that people should just give away what they've done to differentiate themselves, arbitrarily. And we're very up front about working with standards organizations and moving those standards forward. And at the same time, we are interested in having things that will allow us to differentiate ourselves in the marketplace and have a sustainable business model.

Tim: That's fair. I understand the concept. I think there is a trust issue that goes back to the Halloween Documents.

Stutz: There may be, with some communities, a trust issue. I agree with that. One of the intents of the project I'm working on, the CLI implementation, is to start to reach out to those communities.

What's In, What's Not, What's Next

Stutz says that the CLI being offered as shared source is a subset of what's in the .NET framework. The offerings include:

the ECMAscript compiler, written in C#, which runs on both platforms (Windows, FreeBSD)

the C# compiler, which also runs on both platforms

and the shared-source CLI.

It doesn't include

ASP.NET

ADO.NET

Windows Forms

Also, there are high performance memory managers, garbage collectors and
compilers that are in the commercial version, but not in the shared source version. "That's something that we want to charge for."

When this shared license is revealed, it will certainly be the most liberal software license Microsoft has offered. But Stutz says it's not out of the question that in the future, Microsoft's licenses will become ever more open.

"This is all about Microsoft getting serious about sharing source code in a very wide way," he said. "And it's also a serious long-term commitment to establishing the CLI as a basis for web services. It's really not a short-term, tactical Java battle."

That said, Microsoft has yet to reveal a draft of the shared source license being announced today.

"We don't actually have a license for you because they're lawyers," Stutz said. "If it was me, I'd have the license."

Tim O'Reilly is the founder and CEO of O'Reilly Media, Inc., thought by many to be the best computer book publisher in the world. In addition to Foo Camps ("Friends of O'Reilly" Camps, which gave rise to the "un-conference" movement), O'Reilly Media also hosts conferences on technology topics, including the Web 2.0 Summit, the Web 2.0 Expo, the O'Reilly Open Source Convention, the Gov 2.0 Summit, and the Gov 2.0 Expo. Tim's blog, the O'Reilly Radar, "watches the alpha geeks" to determine emerging technology trends, and serves as a platform for advocacy about issues of importance to the technical community. Tim's long-term vision for his company is to change the world by spreading the knowledge of innovators. In addition to O'Reilly Media, Tim is a founder of Safari Books Online, a pioneering subscription service for accessing books online, and O'Reilly AlphaTech Ventures, an early-stage venture firm.

Rael Dornfest is Founder and CEO of Portland, Oregon-based Values of n. Rael leads the Values of n charge with passion, unearthly creativity, and a repertoire of puns and jokes  some of which are actually good.
Prior to founding Values of n, he was O'Reilly's Chief Technical Officer, program chair for the O'Reilly Emerging Technology Conference (which he continues to chair), series editor of the bestselling Hacks book series, and instigator of O'Reilly's Rough Cuts early access program. He built Meerkat, the first web-based feed aggregator, was champion and co-author of the RSS 1.0 specification, and has written and contributed to six O'Reilly books.
Rael's programmatic pride and joy is the nimble, open source blogging application Blosxom, the principles of which you'll find in the Values of n philosophy and embodied in Stikkit: Little yellow notes that think.